CVE-2022-45154 (GCVE-0-2022-45154)
Vulnerability from cvelistv5 – Published: 2023-02-15 00:00 – Updated: 2025-03-18 19:24
Title
supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
Summary
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server 12 | Affected: supportutils ≤ 3.0.10-95.51.1 (custom) |
| SUSE | SUSE Linux Enterprise Server 15 | Affected: supportutils ≤ 3.1.21-150000.5.44.1 (custom) |
| SUSE | SUSE Linux Enterprise Server 15 SP3 | Affected: supportutils ≤ 3.1.21-150300.7.35.15.1 (custom) |
Date Public
2023-01-26 00:00
Credits
Nozomi Matsuzawa
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:24:29.999217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:24:37.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information",
"status": "affected",
"version": "supportutils",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.1.21-150000.5.44.1",
"status": "affected",
"version": "supportutils",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15 SP3",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.1.21-150300.7.35.15.1",
"status": "affected",
"version": "supportutils",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nozomi Matsuzawa"
}
],
"datePublic": "2023-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"defect": [
"1207598"
],
"discovery": "INTERNAL"
},
"title": "supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-45154",
"datePublished": "2023-02-15T00:00:00.000Z",
"dateReserved": "2022-11-11T00:00:00.000Z",
"dateUpdated": "2025-03-18T19:24:37.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-45154",
"date": "2026-06-03",
"epss": "0.00015",
"percentile": "0.03155"
}
}
}
FKIE_CVE-2022-45154
Vulnerability from fkie_nvd - Published: 2023-02-15 10:15 - Updated: 2024-11-21 07:28
Severity
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
References
| Source | URL | Tags |
|---|---|---|
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1207598 | Exploit, Issue Tracking |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1207598 | Exploit, Issue Tracking |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| opensuse | supportutils | * |
| suse | linux_enterprise_server | 12 |
| opensuse | supportutils | * |
| suse | linux_enterprise_server | 15 |
| opensuse | supportutils | * |
| suse | linux_enterprise_server | 15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA61E84-D366-4E82-A0F2-B26445610EB6",
"versionEndIncluding": "3.0.10-95.51.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA4BD70-03B8-4CBD-8532-C75BC77F3722",
"versionEndIncluding": "3.1.21-150000.5.44.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:*:*:*:*",
"matchCriteriaId": "0BB4DDAB-D900-4EC0-99E8-1D6AB48F6D20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02F152EA-2162-4750-9A40-01BAD9FAF936",
"versionEndIncluding": "3.1.21-150300.7.35.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de almacenamiento de texto plano de informaci\u00f3n confidencial en las utilidades de soporte de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 permite a los atacantes que obtienen acceso a los registros de soporte obtener conocimiento de las credenciales almacenadas. Este problema afecta a: SUSE Linux Enterprise Server 12 supportutils versi\u00f3n 3.0.10-95.51.1CWE-312: almacenamiento de texto plano de informaci\u00f3n confidencial y versiones anteriores. SUSE Linux Enterprise Server 15 supportutils versi\u00f3n 3.1.21-150000.5.44.1 y versiones anteriores. SUSE Linux Enterprise Server 15 SP3 supportutils versi\u00f3n 3.1.21-150300.7.35.15.1 y versiones anteriores."
}
],
"id": "CVE-2022-45154",
"lastModified": "2024-11-21T07:28:51.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "meissner@suse.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-15T10:15:17.377",
"references": [
{
"source": "meissner@suse.de",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
],
"sourceIdentifier": "meissner@suse.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "meissner@suse.de",
"type": "Secondary"
}
]
}
GHSA-QRGP-9JWV-233W
Vulnerability from github – Published: 2023-02-15 12:30 – Updated: 2023-02-24 21:30
Details
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-45154"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-15T10:15:00Z",
"severity": "MODERATE"
},
"details": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"id": "GHSA-qrgp-9jwv-233w",
"modified": "2023-02-24T21:30:19Z",
"published": "2023-02-15T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45154"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-45154
Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Aliases
{
"GSD": {
"alias": "CVE-2022-45154",
"description": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"id": "GSD-2022-45154",
"references": [
"https://www.suse.com/security/cve/CVE-2022-45154.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-45154"
],
"details": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"id": "GSD-2022-45154",
"modified": "2023-12-13T01:19:24.291851Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-26T00:00:00.000Z",
"ID": "CVE-2022-45154",
"STATE": "PUBLIC",
"TITLE": "supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "supportutils",
"version_value": "3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "supportutils",
"version_value": "3.1.21-150000.5.44.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15 SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "supportutils",
"version_value": "3.1.21-150300.7.35.15.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nozomi Matsuzawa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"defect": [
"1207598"
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.10-95.51.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.21-150000.5.44.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.21-150300.7.35.15.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2022-45154"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-24T18:58Z",
"publishedDate": "2023-02-15T10:15Z"
}
}
}
OPENSUSE-SU-2024:12970-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
supportutils-3.1.25-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: supportutils-3.1.25-1.1 on GA media
Description of the patch: These are all security issues fixed in the supportutils-3.1.25-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12970
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:supportutils-3.1.25-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:supportutils-3.1.25-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:supportutils-3.1.25-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:supportutils-3.1.25-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "supportutils-3.1.25-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the supportutils-3.1.25-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12970",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12970-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "supportutils-3.1.25-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12970-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.25-1.1.aarch64",
"product": {
"name": "supportutils-3.1.25-1.1.aarch64",
"product_id": "supportutils-3.1.25-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.25-1.1.ppc64le",
"product": {
"name": "supportutils-3.1.25-1.1.ppc64le",
"product_id": "supportutils-3.1.25-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.25-1.1.s390x",
"product": {
"name": "supportutils-3.1.25-1.1.s390x",
"product_id": "supportutils-3.1.25-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.25-1.1.x86_64",
"product": {
"name": "supportutils-3.1.25-1.1.x86_64",
"product_id": "supportutils-3.1.25-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.25-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:supportutils-3.1.25-1.1.aarch64"
},
"product_reference": "supportutils-3.1.25-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.25-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:supportutils-3.1.25-1.1.ppc64le"
},
"product_reference": "supportutils-3.1.25-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.25-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:supportutils-3.1.25-1.1.s390x"
},
"product_reference": "supportutils-3.1.25-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.25-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:supportutils-3.1.25-1.1.x86_64"
},
"product_reference": "supportutils-3.1.25-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.aarch64",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.ppc64le",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.s390x",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.aarch64",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.ppc64le",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.s390x",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.aarch64",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.ppc64le",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.s390x",
"openSUSE Tumbleweed:supportutils-3.1.25-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
SUSE-SU-2023:2465-1
Vulnerability from csaf_suse - Published: 2023-06-08 07:43 - Updated: 2023-06-08 07:43
Summary
Security update for supportutils
Severity
Moderate
Notes
Title of the patch: Security update for supportutils
Description of the patch: This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords from supportconfig archive (bsc#1207598).
Bug fixes:
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Changed _sanitize_file to include lio_setup.sh (bsc#1206350)
Patchnames: SUSE-2023-2465,SUSE-SLE-SERVER-12-SP5-2023-2465
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:supportutils-3.0.11-95.54.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:supportutils-3.0.11-95.54.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for supportutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for supportutils fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2022-45154: Removed iSCSI passwords from supportconfig archive (bsc#1207598).\n\nBug fixes:\n\n- Fixed missing status detail for apparmor (bsc#1196933)\n- Corrected invalid argument list in docker.txt (bsc#1206608)\n- Changed _sanitize_file to include lio_setup.sh (bsc#1206350)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2465,SUSE-SLE-SERVER-12-SP5-2023-2465",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2465-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2465-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232465-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2465-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-June/029775.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196933",
"url": "https://bugzilla.suse.com/1196933"
},
{
"category": "self",
"summary": "SUSE Bug 1206350",
"url": "https://bugzilla.suse.com/1206350"
},
{
"category": "self",
"summary": "SUSE Bug 1206608",
"url": "https://bugzilla.suse.com/1206608"
},
{
"category": "self",
"summary": "SUSE Bug 1207598",
"url": "https://bugzilla.suse.com/1207598"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "Security update for supportutils",
"tracking": {
"current_release_date": "2023-06-08T07:43:26Z",
"generator": {
"date": "2023-06-08T07:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2465-1",
"initial_release_date": "2023-06-08T07:43:26Z",
"revision_history": [
{
"date": "2023-06-08T07:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.0.11-95.54.1.noarch",
"product": {
"name": "supportutils-3.0.11-95.54.1.noarch",
"product_id": "supportutils-3.0.11-95.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.0.11-95.54.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:supportutils-3.0.11-95.54.1.noarch"
},
"product_reference": "supportutils-3.0.11-95.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.0.11-95.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:supportutils-3.0.11-95.54.1.noarch"
},
"product_reference": "supportutils-3.0.11-95.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:supportutils-3.0.11-95.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:supportutils-3.0.11-95.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:supportutils-3.0.11-95.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:supportutils-3.0.11-95.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:supportutils-3.0.11-95.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:supportutils-3.0.11-95.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-08T07:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
SUSE-SU-2023:3803-1
Vulnerability from csaf_suse - Published: 2023-09-27 12:35 - Updated: 2023-09-27 12:35
Summary
Security update for supportutils
Severity
Moderate
Notes
Title of the patch: Security update for supportutils
Description of the patch: This update for supportutils fixes the following issues:
Security Fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other fixes:
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info
- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
Patchnames: SUSE-2023-3803,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3803,SUSE-Storage-7-2023-3803
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for supportutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for supportutils fixes the following issues:\n\nSecurity Fixes:\n\n- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).\n\nOther fixes:\n\n- Changes in version 3.1.26\n + powerpc plugin to collect the slots and active memory (bsc#1210950)\n + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154\n + supportconfig: collect BPF information (pr#154)\n + Added additional iscsi information (pr#155)\n\n- Added run time detection (bsc#1213127)\n\n- Changes for supportutils version 3.1.25\n + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)\n + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)\n + powerpc: collect invscout logs (pr#150)\n + powerpc: collect RMC status logs (pr#151)\n + Added missing nvme nbft commands (bsc#1211599)\n + Fixed invalid nvme commands (bsc#1211598)\n + Added missing podman information (PED-1703, bsc#1181477)\n + Removed dependency on sysfstools\n + Check for systool use (bsc#1210015)\n + Added selinux checking (bsc#1209979)\n + Updated SLES_VER matrix\n\n- Fixed missing status detail for apparmor (bsc#1196933)\n- Corrected invalid argument list in docker.txt (bsc#1206608)\n- Applies limit equally to sar data and text files (bsc#1207543)\n- Collects hwinfo hardware logs (bsc#1208928)\n- Collects lparnumascore logs (issue#148)\n\n- Add dependency to `numactl` on ppc64le and `s390x`, this enforces\n that `numactl --hardware` data is provided in supportconfigs\n\n- Changes to supportconfig.rc version 3.1.11-35\n + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)\n\n- Changes to supportconfig version 3.1.11-46.4\n + Added plymouth_info \n\n- Changes to getappcore version 1.53.02\n + The location of chkbin was updated earlier. This documents that\n change (bsc#1205533, bsc#1204942)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3803,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3803,SUSE-Storage-7-2023-3803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3803-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3803-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233803-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3803-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031719.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181477",
"url": "https://bugzilla.suse.com/1181477"
},
{
"category": "self",
"summary": "SUSE Bug 1196933",
"url": "https://bugzilla.suse.com/1196933"
},
{
"category": "self",
"summary": "SUSE Bug 1204942",
"url": "https://bugzilla.suse.com/1204942"
},
{
"category": "self",
"summary": "SUSE Bug 1205533",
"url": "https://bugzilla.suse.com/1205533"
},
{
"category": "self",
"summary": "SUSE Bug 1206402",
"url": "https://bugzilla.suse.com/1206402"
},
{
"category": "self",
"summary": "SUSE Bug 1206608",
"url": "https://bugzilla.suse.com/1206608"
},
{
"category": "self",
"summary": "SUSE Bug 1207543",
"url": "https://bugzilla.suse.com/1207543"
},
{
"category": "self",
"summary": "SUSE Bug 1207598",
"url": "https://bugzilla.suse.com/1207598"
},
{
"category": "self",
"summary": "SUSE Bug 1208928",
"url": "https://bugzilla.suse.com/1208928"
},
{
"category": "self",
"summary": "SUSE Bug 1209979",
"url": "https://bugzilla.suse.com/1209979"
},
{
"category": "self",
"summary": "SUSE Bug 1210015",
"url": "https://bugzilla.suse.com/1210015"
},
{
"category": "self",
"summary": "SUSE Bug 1210950",
"url": "https://bugzilla.suse.com/1210950"
},
{
"category": "self",
"summary": "SUSE Bug 1211598",
"url": "https://bugzilla.suse.com/1211598"
},
{
"category": "self",
"summary": "SUSE Bug 1211599",
"url": "https://bugzilla.suse.com/1211599"
},
{
"category": "self",
"summary": "SUSE Bug 1213127",
"url": "https://bugzilla.suse.com/1213127"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "Security update for supportutils",
"tracking": {
"current_release_date": "2023-09-27T12:35:44Z",
"generator": {
"date": "2023-09-27T12:35:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3803-1",
"initial_release_date": "2023-09-27T12:35:44Z",
"revision_history": [
{
"date": "2023-09-27T12:35:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.26-150000.5.50.1.noarch",
"product": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch",
"product_id": "supportutils-3.1.26-150000.5.50.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150000.5.50.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1.noarch"
},
"product_reference": "supportutils-3.1.26-150000.5.50.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-27T12:35:44Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
SUSE-SU-2023:3822-1
Vulnerability from csaf_suse - Published: 2023-09-27 16:40 - Updated: 2023-09-27 16:40
Summary
Security update for supportutils
Severity
Moderate
Notes
Title of the patch: Security update for supportutils
Description of the patch: This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info
- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
Patchnames: SUSE-2023-3822,SUSE-SLE-Micro-5.3-2023-3822,SUSE-SLE-Micro-5.4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP5-2023-3822,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3822,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3822,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3822,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3822,SUSE-SUSE-MicroOS-5.1-2023-3822,SUSE-SUSE-MicroOS-5.2-2023-3822,SUSE-Storage-7.1-2023-3822,openSUSE-SLE-15.4-2023-3822,openSUSE-SLE-15.5-2023-3822
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for supportutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for supportutils fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).\n\nOther Fixes:\n\n- Changes in version 3.1.26\n + powerpc plugin to collect the slots and active memory (bsc#1210950)\n + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154\n + supportconfig: collect BPF information (pr#154)\n + Added additional iscsi information (pr#155)\n\n- Added run time detection (bsc#1213127)\n\n- Changes for supportutils version 3.1.25\n + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)\n + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)\n + powerpc: collect invscout logs (pr#150)\n + powerpc: collect RMC status logs (pr#151)\n + Added missing nvme nbft commands (bsc#1211599)\n + Fixed invalid nvme commands (bsc#1211598)\n + Added missing podman information (PED-1703, bsc#1181477)\n + Removed dependency on sysfstools\n + Check for systool use (bsc#1210015)\n + Added selinux checking (bsc#1209979)\n + Updated SLES_VER matrix\n\n- Fixed missing status detail for apparmor (bsc#1196933)\n- Corrected invalid argument list in docker.txt (bsc#1206608)\n- Applies limit equally to sar data and text files (bsc#1207543)\n- Collects hwinfo hardware logs (bsc#1208928)\n- Collects lparnumascore logs (issue#148)\n\n- Add dependency to `numactl` on ppc64le and `s390x`, this enforces\n that `numactl --hardware` data is provided in supportconfigs\n\n- Changes to supportconfig.rc version 3.1.11-35\n + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)\n\n- Changes to supportconfig version 3.1.11-46.4\n + Added plymouth_info \n\n- Changes to getappcore version 1.53.02\n + The location of chkbin was updated earlier. This documents that\n change (bsc#1205533, bsc#1204942)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3822,SUSE-SLE-Micro-5.3-2023-3822,SUSE-SLE-Micro-5.4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP5-2023-3822,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3822,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3822,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3822,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3822,SUSE-SUSE-MicroOS-5.1-2023-3822,SUSE-SUSE-MicroOS-5.2-2023-3822,SUSE-Storage-7.1-2023-3822,openSUSE-SLE-15.4-2023-3822,openSUSE-SLE-15.5-2023-3822",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3822-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3822-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233822-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3822-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031743.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181477",
"url": "https://bugzilla.suse.com/1181477"
},
{
"category": "self",
"summary": "SUSE Bug 1196933",
"url": "https://bugzilla.suse.com/1196933"
},
{
"category": "self",
"summary": "SUSE Bug 1204942",
"url": "https://bugzilla.suse.com/1204942"
},
{
"category": "self",
"summary": "SUSE Bug 1205533",
"url": "https://bugzilla.suse.com/1205533"
},
{
"category": "self",
"summary": "SUSE Bug 1206402",
"url": "https://bugzilla.suse.com/1206402"
},
{
"category": "self",
"summary": "SUSE Bug 1206608",
"url": "https://bugzilla.suse.com/1206608"
},
{
"category": "self",
"summary": "SUSE Bug 1207543",
"url": "https://bugzilla.suse.com/1207543"
},
{
"category": "self",
"summary": "SUSE Bug 1207598",
"url": "https://bugzilla.suse.com/1207598"
},
{
"category": "self",
"summary": "SUSE Bug 1208928",
"url": "https://bugzilla.suse.com/1208928"
},
{
"category": "self",
"summary": "SUSE Bug 1209979",
"url": "https://bugzilla.suse.com/1209979"
},
{
"category": "self",
"summary": "SUSE Bug 1210015",
"url": "https://bugzilla.suse.com/1210015"
},
{
"category": "self",
"summary": "SUSE Bug 1210950",
"url": "https://bugzilla.suse.com/1210950"
},
{
"category": "self",
"summary": "SUSE Bug 1211598",
"url": "https://bugzilla.suse.com/1211598"
},
{
"category": "self",
"summary": "SUSE Bug 1211599",
"url": "https://bugzilla.suse.com/1211599"
},
{
"category": "self",
"summary": "SUSE Bug 1213127",
"url": "https://bugzilla.suse.com/1213127"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "Security update for supportutils",
"tracking": {
"current_release_date": "2023-09-27T16:40:57Z",
"generator": {
"date": "2023-09-27T16:40:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3822-1",
"initial_release_date": "2023-09-27T16:40:57Z",
"revision_history": [
{
"date": "2023-09-27T16:40:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product_id": "supportutils-3.1.26-150300.7.35.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-27T16:40:57Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
SUSE-SU-2023:3822-2
Vulnerability from csaf_suse - Published: 2023-10-18 19:05 - Updated: 2023-10-18 19:05
Summary
Security update for supportutils
Severity
Moderate
Notes
Title of the patch: Security update for supportutils
Description of the patch: This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info
- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
Patchnames: SUSE-2023-3822,SUSE-SLE-Micro-5.5-2023-3822
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:supportutils-3.1.26-150300.7.35.21.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for supportutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for supportutils fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).\n\nOther Fixes:\n\n- Changes in version 3.1.26\n + powerpc plugin to collect the slots and active memory (bsc#1210950)\n + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154\n + supportconfig: collect BPF information (pr#154)\n + Added additional iscsi information (pr#155)\n\n- Added run time detection (bsc#1213127)\n\n- Changes for supportutils version 3.1.25\n + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)\n + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)\n + powerpc: collect invscout logs (pr#150)\n + powerpc: collect RMC status logs (pr#151)\n + Added missing nvme nbft commands (bsc#1211599)\n + Fixed invalid nvme commands (bsc#1211598)\n + Added missing podman information (PED-1703, bsc#1181477)\n + Removed dependency on sysfstools\n + Check for systool use (bsc#1210015)\n + Added selinux checking (bsc#1209979)\n + Updated SLES_VER matrix\n\n- Fixed missing status detail for apparmor (bsc#1196933)\n- Corrected invalid argument list in docker.txt (bsc#1206608)\n- Applies limit equally to sar data and text files (bsc#1207543)\n- Collects hwinfo hardware logs (bsc#1208928)\n- Collects lparnumascore logs (issue#148)\n\n- Add dependency to `numactl` on ppc64le and `s390x`, this enforces\n that `numactl --hardware` data is provided in supportconfigs\n\n- Changes to supportconfig.rc version 3.1.11-35\n + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)\n\n- Changes to supportconfig version 3.1.11-46.4\n + Added plymouth_info \n\n- Changes to getappcore version 1.53.02\n + The location of chkbin was updated earlier. This documents that\n change (bsc#1205533, bsc#1204942)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3822,SUSE-SLE-Micro-5.5-2023-3822",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3822-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3822-2",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233822-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3822-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016735.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181477",
"url": "https://bugzilla.suse.com/1181477"
},
{
"category": "self",
"summary": "SUSE Bug 1196933",
"url": "https://bugzilla.suse.com/1196933"
},
{
"category": "self",
"summary": "SUSE Bug 1204942",
"url": "https://bugzilla.suse.com/1204942"
},
{
"category": "self",
"summary": "SUSE Bug 1205533",
"url": "https://bugzilla.suse.com/1205533"
},
{
"category": "self",
"summary": "SUSE Bug 1206402",
"url": "https://bugzilla.suse.com/1206402"
},
{
"category": "self",
"summary": "SUSE Bug 1206608",
"url": "https://bugzilla.suse.com/1206608"
},
{
"category": "self",
"summary": "SUSE Bug 1207543",
"url": "https://bugzilla.suse.com/1207543"
},
{
"category": "self",
"summary": "SUSE Bug 1207598",
"url": "https://bugzilla.suse.com/1207598"
},
{
"category": "self",
"summary": "SUSE Bug 1208928",
"url": "https://bugzilla.suse.com/1208928"
},
{
"category": "self",
"summary": "SUSE Bug 1209979",
"url": "https://bugzilla.suse.com/1209979"
},
{
"category": "self",
"summary": "SUSE Bug 1210015",
"url": "https://bugzilla.suse.com/1210015"
},
{
"category": "self",
"summary": "SUSE Bug 1210950",
"url": "https://bugzilla.suse.com/1210950"
},
{
"category": "self",
"summary": "SUSE Bug 1211598",
"url": "https://bugzilla.suse.com/1211598"
},
{
"category": "self",
"summary": "SUSE Bug 1211599",
"url": "https://bugzilla.suse.com/1211599"
},
{
"category": "self",
"summary": "SUSE Bug 1213127",
"url": "https://bugzilla.suse.com/1213127"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "Security update for supportutils",
"tracking": {
"current_release_date": "2023-10-18T19:05:42Z",
"generator": {
"date": "2023-10-18T19:05:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3822-2",
"initial_release_date": "2023-10-18T19:05:42Z",
"revision_history": [
{
"date": "2023-10-18T19:05:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product_id": "supportutils-3.1.26-150300.7.35.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-18T19:05:42Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.